|
289191
|
- |
|
plone zope
|
plone zope
|
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to g…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5489
|
2024-11-21 10:44 |
2014-09-30 |
|
|
|
|
289192
|
- |
|
plone
|
plone
|
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
|
CWE-94
Code Injection
|
CVE-2012-5488
|
2024-11-21 10:44 |
2014-09-30 |
|
|
|
|
289193
|
- |
|
plone
|
plone
|
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and e…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5487
|
2024-11-21 10:44 |
2014-09-30 |
|
|
|
|
289194
|
- |
|
plone zope
|
plone zope
|
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
|
NVD-CWE-Other
|
CVE-2012-5486
|
2024-11-21 10:44 |
2014-09-30 |
|
|
|
|
289195
|
- |
|
plone
|
plone
|
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
|
CWE-94
Code Injection
|
CVE-2012-5485
|
2024-11-21 10:44 |
2014-09-30 |
|
|
|
|
289196
|
- |
|
ekiga
|
ekiga
|
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 string…
|
CWE-20
Improper Input Validation
|
CVE-2012-5621
|
2024-11-21 10:44 |
2014-09-30 |
|
|
|
|
289197
|
- |
|
sleuthkit
|
the_sleuth_kit
|
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide a…
|
CWE-20
Improper Input Validation
|
CVE-2012-5619
|
2024-11-21 10:44 |
2014-09-30 |
|
|
|
|
289198
|
- |
|
freefloat
|
freefloat_ftp_server
|
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-5106
|
2024-11-21 10:44 |
2014-06-21 |
|
|
|
|
289199
|
- |
|
apereo
|
phpcas
|
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a…
|
CWE-310
Cryptographic Issues
|
CVE-2012-5583
|
2024-11-21 10:44 |
2014-06-6 |
|
|
|
|
289200
|
- |
|
condor_project
|
condor
|
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does not properly check privileges, which allows remote attackers to gain privil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5390
|
2024-11-21 10:44 |
2014-06-6 |
|
|
|